diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go index ab8e8c451..d42c153a8 100644 --- a/controllers/nginx/pkg/template/template.go +++ b/controllers/nginx/pkg/template/template.go @@ -161,7 +161,7 @@ var ( } ) -// fomatIP will wrap IPv6 addresses in [] and return IPv4 addresses +// formatIP will wrap IPv6 addresses in [] and return IPv4 addresses // without modification. If the input cannot be parsed as an IP address // it is returned without modification. func formatIP(input string) string { @@ -177,7 +177,7 @@ func formatIP(input string) string { // buildResolvers returns the resolvers reading the /etc/resolv.conf file func buildResolvers(a interface{}) string { - // NGINX need IPV6 addresses to be surrounded by brakets + // NGINX need IPV6 addresses to be surrounded by brackets nss := a.([]net.IP) if len(nss) == 0 { return "" @@ -221,6 +221,7 @@ func buildLocation(input interface{}) string { return path } +// TODO: Needs Unit Tests func buildAuthLocation(input interface{}) string { location, ok := input.(*ingress.Location) if !ok { @@ -342,6 +343,7 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string { return defProxyPass } +// TODO: Needs Unit Tests func filterRateLimits(input interface{}) []ratelimit.RateLimit { ratelimits := []ratelimit.RateLimit{} found := sets.String{} @@ -361,6 +363,7 @@ func filterRateLimits(input interface{}) []ratelimit.RateLimit { return ratelimits } +// TODO: Needs Unit Tests // buildRateLimitZones produces an array of limit_conn_zone in order to allow // rate limiting of request. Each Ingress rule could have up to three zones, one // for connection limit by IP address, one for limiting requests per minute, and @@ -484,6 +487,7 @@ func buildDenyVariable(a interface{}) string { return fmt.Sprintf("$deny_%v", denyPathSlugMap[l]) } +// TODO: Needs Unit Tests func buildUpstreamName(host string, b interface{}, loc interface{}) string { backends := b.([]*ingress.Backend) location, ok := loc.(*ingress.Location) @@ -507,6 +511,7 @@ func buildUpstreamName(host string, b interface{}, loc interface{}) string { return upstreamName } +// TODO: Needs Unit Tests func isSticky(host string, loc *ingress.Location, stickyLocations map[string][]string) bool { if _, ok := stickyLocations[host]; ok { for _, sl := range stickyLocations[host] { diff --git a/controllers/nginx/pkg/template/template_test.go b/controllers/nginx/pkg/template/template_test.go index 87d8c0561..b4b80acc8 100644 --- a/controllers/nginx/pkg/template/template_test.go +++ b/controllers/nginx/pkg/template/template_test.go @@ -29,6 +29,7 @@ import ( "k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress/annotations/authreq" "k8s.io/ingress/core/pkg/ingress/annotations/rewrite" + "net" ) var ( @@ -273,3 +274,101 @@ func TestBuildClientBodyBufferSize(t *testing.T) { t.Errorf("Expected '%v' but returned '%v'", false, i) } } + +func TestIsLocationAllowed(t *testing.T) { + loc := ingress.Location{ + Denied: nil, + } + + isAllowed := isLocationAllowed(&loc) + if !isAllowed { + t.Errorf("Expected '%v' but returned '%v'", true, isAllowed) + } +} + +func TestBuildForwardedFor(t *testing.T) { + inputStr := "X-Forwarded-For" + outputStr := buildForwardedFor(inputStr) + + validStr := "$http_x_forwarded_for" + + if outputStr != validStr { + t.Errorf("Expected '%v' but returned '%v'", validStr, outputStr) + } +} + +func TestBuildResolvers(t *testing.T) { + ipOne := net.ParseIP("192.0.0.1") + ipTwo := net.ParseIP("2001:db8:1234:0000:0000:0000:0000:0000") + ipList := []net.IP{ipOne, ipTwo} + + validResolver := "resolver 192.0.0.1 [2001:db8:1234::] valid=30s;" + resolver := buildResolvers(ipList) + + if resolver != validResolver { + t.Errorf("Expected '%v' but returned '%v'", validResolver, resolver) + } +} + +func TestBuildAuthSignURL(t *testing.T) { + urlOne := "http://google.com" + validUrlOne := "http://google.com?rd=$request_uri" + + urlTwo := "http://google.com?cat" + validUrlTwo := "http://google.com?cat&rd=$request_uri" + + authSignURLOne := buildAuthSignURL(urlOne) + if authSignURLOne != validUrlOne { + t.Errorf("Expected '%v' but returned '%v'", validUrlOne, authSignURLOne) + } + + authSignURLTwo := buildAuthSignURL(urlTwo) + if authSignURLTwo != validUrlTwo { + t.Errorf("Expected '%v' but returned '%v'", validUrlTwo, authSignURLTwo) + } +} + +func TestBuildNextUpstream(t *testing.T) { + nextUpstream := "timeout http_500 http_502 non_idempotent" + validNextUpstream := "timeout http_500 http_502" + + buildNextUpstream := buildNextUpstream(nextUpstream) + + if buildNextUpstream != validNextUpstream { + t.Errorf("Expected '%v' but returned '%v'", validNextUpstream, buildNextUpstream) + } +} + +func TestBuildRateLimit(t *testing.T) { + loc := ingress.Location{} + + loc.RateLimit.Connections.Name = "con" + loc.RateLimit.Connections.Limit = 1 + + loc.RateLimit.RPS.Name = "rps" + loc.RateLimit.RPS.Limit = 1 + loc.RateLimit.RPS.Burst = 1 + + loc.RateLimit.RPM.Name = "rpm" + loc.RateLimit.RPM.Limit = 2 + loc.RateLimit.RPM.Burst = 2 + + loc.RateLimit.LimitRateAfter = 1 + loc.RateLimit.LimitRate = 1 + + validLimits := []string{ + "limit_conn con 1;", + "limit_req zone=rps burst=1 nodelay;", + "limit_req zone=rpm burst=2 nodelay;", + "limit_rate_after 1k;", + "limit_rate 1k;", + } + + limits := buildRateLimit(loc) + + for i, limit := range limits { + if limit != validLimits[i] { + t.Errorf("Expected '%v' but returned '%v'", validLimits, limits) + } + } +}